We only take credit card information over HTTPS. This means that even if a customer enters card information while on an unsecured network connection, anyone watching their internet traffic will not be able to read the data they enter.
We never transmit or store card information on our own servers. We use an independent, highly trusted service to collect, store, and process card payments. We follow all recommended best practices. This includes never sending card information through any of our servers.
We are PCI compliant. We perform a regular review of the security of our handling of credit card information, following the standards set out by the official PCI Security Standard.
Our employees never touch card information and cannot access it, not even our engineers or executives. One of the principles of PCI compliance that we follow is that we never allow credit card information to pass through our employees' hands or our own computers or servers. Customers must provide their card information directly; otherwise we do not have the information on file. We do not take card information over the phone, by SMS, or in person.
Every transaction is reviewed for fraud or security issues. Our payment processor runs every transaction (and every new credit card) through a series of fraud and validity checks before it allows the transaction to complete. If anything about the transaction appears out of line in their systems, they will reject or deny the transaction.